[英]Kubernetes - Network Policy to allow traffic on port only within a namespace
I need to create a.network policy which accept the traffic (ingress + egress) between all pods inside the same namespace on a specific port ONLY (for example on port 9200).我需要创建一个网络策略,该策略仅在特定端口(例如端口 9200)上接受同一命名空间内所有 pod 之间的流量(入口 + 出口)。
I labeled my namespace called calico using kubectl label ns calico type=clico
我使用
kubectl label ns calico type=clico
I tried the below policy but after creating it, I created a pod to test te.net on port 9200 and it is not allowed.我尝试了以下策略,但在创建它之后,我创建了一个 pod 来在端口 9200 上测试 te.net,但这是不允许的。
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: test-network-policy
namespace: calico
spec:
podSelector: {}
policyTypes:
- Ingress
- Egress
ingress:
- from:
- namespaceSelector:
matchLabels:
type: calico
- podSelector: {}
ports:
- protocol: TCP
port: 9200
egress:
- to:
- namespaceSelector:
matchLabels:
type: calico
- podSelector: {}
ports:
- protocol: TCP
port: 9200
Looks like a typo in namespace label: type= clico and policy definition: matchLabels: type: calico看起来像是命名空间 label 中的拼写错误:type= clico和策略定义:matchLabels:type: calico
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.